CIO Insights and Analysis from Deloitte

CONTENT FROM OUR SPONSOR

Please note: The Wall Street Journal News Department was not involved in the creation of the content below.

Adjusting to the New World of Risk Management

A new survey highlights CIO risk management responsibilities and opportunities in a volatile business climate.

In a recent survey of 192 U.S. executives from various sectors, conducted by Deloitte and Forbes Insights, a stunning 91 percent of respondents said they plan to reorganize and reprioritize their approaches to risk management. More than half indicated they believe that the volatility of risk in areas like technology, regulation, and geopolitics would increase over the next three years.

In the wake of recent global economic events, many organizations are still grappling with a volatile risk environment. For CIOs, this challenge, coupled with findings from the survey, represents a call to action, and an unprecedented opportunity to address a C-suite pressure point, says Henry Ristuccia, the global leader of Governance, Risk and Compliance for Deloitte & Touche LLP.

Ristuccia shared his thoughts on the findings of the Deloitte/Forbes Insights risk survey and what they say about the role CIOs can play in future enterprise risk management (ERM) efforts.

The Deloitte/Forbes Insights survey reveals that many companies are rethinking their approaches to risk management. What does this mean for CIOs?

More than three-quarters (79 percent) of respondents stated that their approach to managing and responding to risk has changed over the past three years due to market volatility. Additionally, more than half of respondents indicated they expect more volatility to come in the area of technology risk. Taken together, these findings suggest that CIOs who are not thinking about how to allocate budget to improve risk programs are missing a strategic opportunity. CIOs work continually to keep core systems and processes running; far fewer recognize that risk is a growing concern for board members and other senior stakeholders. Those who can help automate risk monitoring, improve transparency, and build meaningful analytics and visualization capabilities could bring tremendous value to ERM efforts.

Figure 1: Volatility Drives Changes in Risk Management Strategies

Source: Deloitte Development LLC

Interestingly, the survey found that despite advances in risk-related technologies, automation tools used to continuously monitor risk are not widely used.

Fewer than 25 percent of respondents indicated that most risks are continuously monitored in their companies. Even in areas that are considered highly volatile like financial and operational risk, relatively few companies use technology to continuously monitor risks. Though the variety of electronic governance risk compliance (EGRC) technologies is somewhat limited at present, more progressive organizations are leveraging what is available to embed analytics and continuous monitoring capabilities in the most critical areas.

What risk monitoring tools should CIOs be looking at right now?

EGRC tools are evolving, but there is still a significant gap between what executives want and what is available. Some organizations want highly customized, specific tools to ensure certain topics are point-in-time monitored for risk issues. Others want tools that can monitor and measure risk on all network points that are external-facing. Another consideration is that increasingly, senior stakeholders, boards, and audit and risk committees are asking CIOs to present risk monitoring data to them via dashboards. This is a call to action for CIOs. They are being challenged to help monitor risk across the enterprise by harmonizing and creating greater transparency into risk data.

Survey respondents said social media will be a major source of risk in the future. Is there currently an effective approach for managing this risk?

In general, CIOs devote more effort to managing other types of risk, like economic and regulatory, than to addressing the risk associated with emerging technologies; however, as companies have launched social business initiatives, they have encountered cyberattacks and other security issues that are dramatically changing social media’s risk profile. Social media is becoming a critical component of many market offerings. As a result, the business side will be looking for CIOs to identify and deliver the security, risk monitoring, and analytics capabilities that can address specific risk areas associated with social business and other emerging business models.

Figure 2: Global Economics Pose the Greatest Risk

Source: Deloitte Development LLC

What challenges will CIOs likely face as they participate in ERM initiatives?

Given that there is currently no turnkey EGRC tool available, CIOs may have to devise alternate ways to support ERM initiatives and address the needs of senior stakeholders. This may not be easy; it will require a thorough understanding of the ever-changing risks their companies face. It will also require that they secure support from the business side for their proposals and strategies.

The good news is many companies are beginning to recognize how critical the CIO and IT will be to the success of their ERM initiatives: Survey respondents identified technology risk and strategic risk as areas where they expect budgets to increase the most.

About Deloitte Insights

Deloitte Insights for CIOs couples broad business insights with deep technical knowledge to help executives drive business and technology strategy, support business transformation, and enhance growth and productivity. Through fact-based research, technology perspectives and analyses, case studies and more, Deloitte Insights for CIOs informs the essential conversations in global, technology-led organizations.
